Trojan Horse


FrankSG
09-10-2003, 05:34 PM
My OS is Windows XP Home edition. I have a cable connection to get on the internet. Last night I did a virus scan and Norton found a file called BlackBox.class* which I think was a Trojan Horse. My firewall is ZoneAlarm Pro which usually will not let them through. And I frequently go to Steve Gibson's web site and check my ports. It always checks out OK. All my ports checked out as stealth. So, I was surprised that it was on there. Here's what I'm wondering: Just before I ran the virus scan, I downloaded and installed an update to ZoneAlarm. Whenever I install ZoneAlarm's update, I've been told to first uninstall the current version before installing the update. I did uninstall my current version. So for a few minutes, I had no firewall. Do you think that for the few minutes my firewall was shut down, the Trojan Horse could have sneaked in? If that's the case, next time I shut down my firewall, I'm going to disconnect my cable. Would appreciate some comments on this. Thanks
~Frank~

deddard
09-10-2003, 05:39 PM
I can't answer the specifics here - trojans can be seriously tricky things - piggybacking on almost anything. As far as upgrading your firewall, what you suggested is exactly what I do - if you need to uninstall, do so whilst your cable modem is disabled. Get your new version up and running, and then re-enable. Perhaps someone else here can give you more specific advice on your problem - good luck.

A quick look on AltaVista shows that Blackbox is a windows manager, often used in Linux. Whether this belongs on a Windows system is beyond me, but I've no doubt someone else can enlighten you more.

Mitch Hatfield
09-10-2003, 06:03 PM
This is NOT listed as a trojan horse in my updated copy of "The Cleaner" - which has a current database of around 7000 trojans.

Neither is it shown as Spyware by "Spybot Search and Destroy".

Google searches seem to indicate that it is some kind of Java programming tool, which then showed up as a false positive in NAV.

Presumably, Norton quarantined the offending file anyway.

Subject to further advice - and BlackBox.class* could of course be dangerous - I would be inclined to revert your XP drive to a point before NAV picked it up.

Good luck! :) :)

david eaton
09-10-2003, 06:14 PM
Might be a good idea to download and run HijackThis, to see exactly what is running. Download HERE (http://216.180.252.218/~spywareinfo.com/downloads/tools/hijackthis.zip).

David

PrntRhd
09-10-2003, 08:51 PM
Hi FrankSG,

I did an upgrade of ZA free recently; they recommended installing the new version over the existing ZA version, so I guess we have to read each before upgrades?

:eek:

FrankSG
09-10-2003, 09:06 PM
"they recommended installing the new version over the existing ZA"

You're right. ZoneAlarm has always said this. But everything else I have ever read about firewalls (and from some good reliable sources) says that you should never install a firewall over an existing one. One time when I installed over the existing, I had some problem getting connected until I uninstalled and then reinstalled. I would want to think that ZoneAlarm should know how to do it. But, just to be on the safe side I have always uninstalled first. To be perfectly honest, I'm not sure which is the correct way. I'm wondering how some of the other members on this forum think on this.

PrntRhd
09-10-2003, 09:15 PM
I was nervous about doing it without uninstalling too, I remember uninstalling when upgrading from ZA 2 to ZA 3. I had no problem, but I see posts here about issues that come up with ZA and I also see posts about their customer support problems. :(

PrntRhd
09-10-2003, 09:23 PM
I found this via Google:

http://www.lavasoftsupport.com/index.php?showtopic=9374&st=0&#entry72939

I hope you don't have Kazaa which seemed to be the issue in that link.

New version of HijackThis posted in the Forums today:
http://216.180.252.218/~spywareinfo.com/downloads/tools/hijackthis.zip

mjc
09-10-2003, 09:37 PM
Yes, run the HijackThis log....

Usually with ZA going from 2.x to 2.y it is ok to install over top of an existing install. When making major version changes like going from 2.x to 3.0 then uninstall and do a clean (as clean as ZA will allow without a major round with Regedit) install.

PrntRhd
09-10-2003, 09:40 PM
I also found this in Google search:

http://www.computing.net/security/wwwboard/forum/6340.html

FrankSG
09-10-2003, 09:54 PM
"Usually with ZA going from 2.x to 2.y it is ok to install over top of an existing install. When making major version changes like going from 2.x to 3.0 then uninstall and do a clean (as clean as ZA will allow without a major round with Regedit) install"

That sounds right. If my memory serves me correctly, the time I had my problem was when it was a major upgrade. And from what I have seen, ZA for whatever reason, does a poor job of uninstalling. There are a lot of files that don't come off, and a lot of entries in the registry that stay there. Like you mentioned, to get rid of everything you have to do a "major round with Regedit."